what you don't know can hurt you
Showing 1 - 25 of 13,563 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-3936-2
Posted Apr 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3936-2 - USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9210
MD5 | e81b6adc98d79569f699eba1d080e44a
Sony Smart TV Information Disclosure / File Read
Posted Apr 24, 2019
Authored by xen1thLabs

Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure
advisories | CVE-2019-10886, CVE-2019-11336
MD5 | 3b42bd8fb1eb2d499baf7ea58fa34007
Ubuntu Security Notice USN-3922-2
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-2 - USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9022, CVE-2019-9640, CVE-2019-9675
MD5 | 9a003b95860a0fb761d2ab88343099f7
Ubuntu Security Notice USN-3953-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3953-1 - It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11034
MD5 | 29f1a73f80be8c44ca45d84e596fe893
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Posted Apr 19, 2019
Authored by Tavis Ormandy, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitrary command execution with root privileges. This module has been tested successfully on: systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and systemtap 1.1-3.el5 on RHEL 5.5 (x64).

tags | exploit, arbitrary, root
systems | linux, fedora
advisories | CVE-2010-4170
MD5 | b8d10e29a77409ce1871a790dad33d49
Ubuntu Security Notice USN-3950-1
Posted Apr 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3950-1 - It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9917
MD5 | e044a6e5ad6e7b9d1ce9c6b7967e20e9
LibreOffice Macro Code Execution
Posted Apr 17, 2019
Authored by Alex Infuhr, Shelby Pace | Site metasploit.com

This Metasploit module generates an ODT file with a mouse over event that when triggered, will execute arbitrary code.

tags | exploit, arbitrary
advisories | CVE-2018-16858
MD5 | 931f1709eb9d70968931648408852ccd
Ubuntu Security Notice USN-3914-2
Posted Apr 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3914-2 - USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
MD5 | 638dfeb13e7ed7bedc1821f142a0ea35
Gentoo Linux Security Advisory 201904-17
Posted Apr 17, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-17 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the execution of arbitrary code. Versions less than 2.7.6-r3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000156, CVE-2018-6951, CVE-2018-6952
MD5 | 017e679302f95501df2396c0d43d999d
Debian Security Advisory 4433-1
Posted Apr 17, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4433-1 - Several vulnerabilities have been discovered in the Rubygems included in the interpreter for the Ruby language, which may result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, ruby
systems | linux, debian
advisories | CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325
MD5 | cde89a6b98e0742a91f9ce6c76c269a6
Ubuntu Security Notice USN-3918-4
Posted Apr 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3918-4 - USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9791, CVE-2019-9793, CVE-2019-9799, CVE-2019-9803, CVE-2019-9808
MD5 | 84b03fa22a51ba0b63c8c1a390101295
Ubuntu Security Notice USN-3948-1
Posted Apr 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3948-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-11070, CVE-2019-8518, CVE-2019-8536, CVE-2019-8559
MD5 | afdf0e0cecca2a8868662e6759e344de
Microsoft Windows LUAFV NtSetCachedSigningLevel Device Guard Bypass
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the NtSetCachedSigningLevel system call can be tricked by the operation of LUAFV to apply a cached signature to an arbitrary file leading to a bypass of code signing enforcement under UMCI with Device Guard.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0732
MD5 | c842665e8c982e999825c50d9c78df7a
Microsoft Windows LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver bypasses security checks to copy short names during file virtualization which can be tricked into writing an arbitrary short name leading to elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0796
MD5 | dd49da95f51474f4c5e19bc2d1015952
Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal
Posted Apr 16, 2019
Authored by Haboob Team

Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2019-10945
MD5 | 8cd07fef6144f3579e25aa9810aebe07
Gentoo Linux Security Advisory 201904-16
Posted Apr 15, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-16 - Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could result in the arbitrary execution of code. Versions less than 4.8.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-12613, CVE-2018-19968, CVE-2018-19969, CVE-2018-19970
MD5 | c55eee83c2f12ed76c72df06e2fe541e
Debian Security Advisory 4431-1
Posted Apr 15, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4431-1 - Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863
MD5 | bea7798b5732080dad27f598640a90fe
RemoteMouse 3.008 Arbitrary Remote Command Execution
Posted Apr 15, 2019
Authored by 0rphon

RemoteMouse version 3.008 suffers from an arbitrary remote command execution vulnerability.

tags | exploit, remote, arbitrary
MD5 | c1044543a8cdc82ff39180dc019ed499
Cisco RV130W Routers Management Interface Remote Command Execution
Posted Apr 14, 2019
Authored by Quentin Kaiser, Yu Zhang, T. Shiomitsu, Haoliang Lu | Site metasploit.com

A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.

tags | exploit, remote, web, arbitrary
systems | cisco
advisories | CVE-2019-1663
MD5 | 6336d4a93f5e62a21b302b4b5a610e40
Ubuntu Security Notice USN-3945-1
Posted Apr 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3945-1 - It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2019-8320, CVE-2019-8324
MD5 | e31c0b3ee67169a56b90d68e0524ec93
Ubuntu Security Notice USN-3946-1
Posted Apr 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3946-1 - It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-1000018
MD5 | 4f673b4e30b7456bf9f5c03e61b35cf6
ATutor file_manager Remote Code Execution
Posted Apr 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 720c50c8ee708b2b3df793d3b1d82de3
Microsoft Windows Contact File Format Arbitary Code Execution
Posted Apr 11, 2019
Authored by hyp3rlinx, Brenner Little | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to processing of contact files.

tags | exploit, remote, arbitrary
systems | windows
MD5 | 6ee12bdb2b9701fe2b95191dbd4279bd
Gentoo Linux Security Advisory 201904-13
Posted Apr 11, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-13 - Multiple vulnerabilities have been found in Git, the worst of which could result in the arbitrary execution of code. Versions less than 2.20.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-19486
MD5 | 71c3a2ccb1f6d31afc1cd5bcc6cfe2a2
Horde Form Shell Upload
Posted Apr 10, 2019
Authored by Ratiosec | Site metasploit.com

Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. The exploitation requires the Turba subcomponent to be installed. This module was tested on Horde versions 5.2.22 and 5.2.17 running Horde Form subcomponent versions prior to 2.0.19.

tags | exploit, remote, arbitrary, php
advisories | CVE-2019-9858
MD5 | 77733e9ad4d5217473e6f849c3b3ec6a
Page 1 of 543
Back12345Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    4 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close